Privacy Policy

Effective date: 09/01/2025
Last updated: 10/10/2025

1) Who we are

This website (the “Site”) is operated by LOLUIS (“LOLUIS,” “we,” “us,” “our”).
Website: loluis.com
Contact: [email protected] | https://www.loluis.com/contact-us
Address: 4416 E Yellowstone Place, Chandler, Arizona 85249, United States.

2) Scope

This Policy explains how we collect, use, disclose, retain, secure, and transfer personal information when you visit the Site, create an account, make a purchase (on this Site or via marketplaces like Amazon), contact us, or interact with our services. It applies to consumers in the U.S. and, where noted, provides additional disclosures for the EEA/UK and California.

3) Information we collect

We collect information in three ways: (A) you provide it, (B) it’s collected automatically, and (C) from third parties (e.g., Amazon, payment processors).

A. Information you provide

  • Account & profile: name, email, password (hashed), phone, shipping/billing addresses.

  • Orders & support: order details, messages, returns/refunds, surveys.

  • Marketing preferences: newsletter opt-ins/opt-outs.

B. Information collected automatically

  • Device & usage: IP address, device identifiers, browser type, pages viewed, time on page, referring URLs, approximate location (city/region).

  • Cookies & similar tech: pixels, tags, local storage. See Section 10 (Cookies & tracking).

C. Information from third parties

  • Payment processors: payment status, last 4 digits/brand of card (we do not store full card numbers).

  • Logistics providers: tracking numbers, delivery confirmations.

  • Marketplaces (e.g., Amazon): shipping name, address, phone, email; order ID; items/quantities required for fulfillment and post-shipment support.

4) How we use information (purposes)

We use personal information to:

  1. Fulfill orders and provide customer service (labels, delivery updates, returns).

  2. Operate and secure the Site (fraud prevention, debugging, incident response).

  3. Communicate with you (order notices, support, service updates).

  4. Improve products/services and analytics (aggregated statistics, product planning).

  5. Comply with legal obligations and enforce our Terms.

We do not use Amazon marketplace customer data for marketing or advertising.

5) Legal bases (EEA/UK where applicable)

  • Contract: to process orders and provide services.

  • Legitimate interests: to secure our services, prevent fraud, improve our offerings.

  • Consent: for non-essential cookies/marketing where required.

  • Legal obligations: tax, accounting, regulatory reporting.

6) Sharing & disclosures

We share personal information with:

  • Service providers / processors: hosting, cloud storage, security, email/SMS, analytics, payment, logistics. They act under written agreements and process data only on our instructions.

  • Marketplaces & payment partners: as needed for the transaction you initiate (e.g., Amazon, PayPal).

  • Authorities / legal: when required by law or to protect rights, safety, and security.

  • Business transfers: merger, acquisition, or asset sale (with appropriate safeguards).

We do not “sell” personal information for money and do not share for cross-context behavioral advertising (as defined by certain U.S. state laws). See Section 12 (Your rights) for opt-out choices.

7) Amazon Selling Partner data (SP-API / Seller Central)

When you purchase our products on Amazon, we receive limited customer shipping details to fulfill your order and provide post-shipment support.

  • Data received: recipient name, shipping address, phone, email; order ID; items/quantities; carrier/tracking.

  • Use: strictly to fulfill orders, verify addresses, update delivery status, process returns/refunds, and handle customer inquiries; fraud/abuse prevention. No marketing use.

  • Access controls: role-based (least-privilege), SSO + MFA for authorized personnel; secrets and API keys in a Secrets Manager with regular rotation.

  • Security: encryption in transit (TLS 1.2+) and at rest (AES-256); private network segments; WAF/firewall; audit logs of access and exports; centralized monitoring (SIEM) with alerts.

  • Retention: ≤ 30 days after shipment, then deletion or anonymization. Non-PII order metrics may be retained (e.g., SKU counts, revenue).

  • We do not store PII in logs; logs are redacted and retained for security monitoring.

  • Incident response: documented IR plan; if Amazon data is impacted, we will notify Amazon within 24 hours and affected individuals as required by law.

  • Security incidents. If Amazon data is potentially affected by a security incident, we will notify Amazon at [email protected] within 24 hours in accordance with our incident response procedures.

8) Data retention

We keep personal information only as long as necessary for the purposes outlined above or as required by law.

Category | Purpose | Typical Retention
Amazon shipping PII (name, address, phone, email) | Fulfillment & post-shipment support | ≤ 30 days after shipment, then delete/anonymize
Order IDs, SKUs, revenue (non-PII) | Accounting, reporting | Up to 7 years (or as required by law)
Site account/profile | Provide account | While account is active; delete upon request (unless legal retention applies)
Support tickets | Customer service | Up to 2 years after closure
Security logs | Security, fraud prevention | ≥ 90 days (aggregated/anonymized thereafter)
Marketing preferences | Consent management | Until you opt out or delete

9) Security

We implement encryption in transit and at rest, SSO with multi-factor authentication for privileged access, least-privilege role-based access controls, network segmentation, vulnerability management, centralized logging and alerting, and regular reviews of access. We require strong, unique passwords and MFA for administrative access. No security method is 100% secure, but we use measures appropriate to the risk. Passwords meet or exceed Amazon DPP 1.4 requirements and are rotated at least quarterly.

10) Cookies & tracking technologies

We use cookies and similar technologies to operate the Site, remember preferences, analyze traffic, and (where applicable) personalize content.
Categories:

  • Strictly necessary (site operation, cart, checkout).

  • Functional (preferences).

  • Analytics (e.g., Google Analytics).

  • Advertising (only if in use; otherwise note “not used”).

Where required, we display a cookie banner and obtain consent for non-essential cookies. You can manage cookies in your browser or via our banner/settings page.

11) International transfers

We may process and store information in the United States and other countries where we and our providers operate. Where required, we implement appropriate safeguards (e.g., Standard Contractual Clauses) for transfers from the EEA/UK/Switzerland.

12) Your rights & choices

Depending on your location, you may have rights to:

  • Access the personal information we hold about you.

  • Correct inaccurate or incomplete data.

  • Delete your data (subject to legal exceptions).

  • Portability (receive a copy in a portable format).

  • Restrict or object to certain processing.

  • Opt out of marketing emails (unsubscribe link in messages).

  • Manage cookies (via banner/link and browser settings).

  • Do Not Sell or Share: We do not sell/share your personal information for cross-context behavioral advertising; if that changes, we will update this Policy and provide an opt-out link.

How to exercise: email [email protected] or use https://www.loluis.com/contact-us. We may need to verify your identity. You may designate an authorized agent where permitted by law.

California (CPRA) disclosures

  • Categories collected: identifiers (name, email, phone, address), commercial info (orders), internet/electronic activity (usage), geolocation (coarse), inferences (only minimal for operations).

  • Sensitive data: we do not intentionally collect sensitive personal information as defined by CPRA, except where required for fraud/security.

  • Retention: see Section 8.

  • Non-discrimination: we will not discriminate against you for exercising CPRA rights.

EEA/UK

You may lodge a complaint with your local supervisory authority. Our lawful bases are listed in Section 5.

13) Children’s privacy

The Site is not directed to children under 13 (or under the applicable age of digital consent). We do not knowingly collect personal information from children. If you believe a child has provided personal information, contact us to request deletion.

14) Third-party links & services

Our Site may link to third-party websites or services. Their privacy practices are governed by their own policies. We are not responsible for third-party content or practices.

15) Payment processing

Payments are processed by third parties (e.g., Stripe, PayPal). Their handling of your personal information is governed by their privacy notices. We do not store full payment card numbers.

16) User-generated content

If you post reviews or comments, they may be publicly visible. Please do not submit information you prefer to keep private.

17) Changes to this Policy

We may update this Policy from time to time. Changes take effect when posted on this page with the “Last updated” date. If changes materially affect your rights, we will provide additional notice (e.g., email or prominent notice on the Site).

18) How to contact us

For questions or requests regarding this Policy or your personal information:
Email: [email protected]
Postal: LOLUIS, 4416 E Yellowstone Place, Chandler, Arizona 85249, United States.
Web form: https://www.loluis.com/contact-us


Short Amazon addendum

Amazon Data Handling Addendum. For Amazon purchases, we handle Amazon customer data strictly for order fulfillment and post-shipment support; we retain shipping PII no longer than 30 days after shipment and then delete or anonymize it. All Amazon PII is encrypted in transit and at rest, access is least-privilege with MFA, and all access/exports are audit-logged. Incidents affecting Amazon data will be reported to Amazon within 24 hours as required. We do not store PII in logs; logs are redacted and retained for security monitoring.